
A critical security vulnerability, identified as CVE-2024-3273, has been discovered in D-Link Network Attached Storage (NAS) devices, putting over 92,000 internet-facing devices at risk of being easily hacked. This vulnerability, along with CVE-2024-3272, allows for remote code execution (RCE) by chaining a backdoor and command injection. Hackers are actively exploiting these vulnerabilities to take over devices, leading to potential data theft and unauthorized device control. Despite the severity of the issue, D-Link has announced that it will not be issuing a fix for the affected devices, urging owners to upgrade or disconnect their devices as soon as possible. In response to the threat, Ansible playbooks have been designed to check and remediate another vulnerability, CVE-2024-3094, known as the XZ Backdoor. Additionally, a Proof of Concept (PoC) for exploiting CVE-2024-3273 has been made available, highlighting the urgent need for affected users to take action. Reports from Security Affairs, Shadowserver, and The Hacker News emphasize the critical nature of these flaws.

Critical Flaws Leave 92,000 D-Link NAS Devices Vulnerable to Malware Attacks: https://t.co/9wXGR7co71 by The Hacker News #infosec #cybersecurity #technology #news
⚠️ Urgent Alert: Hackers are exploiting vulnerabilities (CVE-2024-3272 and CVE-2024-3273) in D-Link NAS devices. Up to 92,000 devices affected, allowing data theft and device control. https://t.co/XsBNXyjQ7A D-Link won't fix it – upgrade or disconnect ASAP! #hacking #tech
Hackers actively exploit critical remote takeover vulnerabilities in D-Link devices https://t.co/nIE4jWjVZB